authorNguyễn Gia Phong <mcsinyx@disroot.org>2023-02-12 02:14:43 +0900
committerNguyễn Gia Phong <mcsinyx@disroot.org>2023-02-12 02:14:43 +0900
commit426235c17e4d6557744701a86783907351708af7 (patch)
tree12cb32aafb06635a0ccf455012b3626aac985db1
parent512571a3e9b4a690951db30cc027441452efc4a1 (diff)
downloadnixos-conf-426235c17e4d6557744701a86783907351708af7.tar.gz
Dogfood our authoritative DNS server
-rw-r--r--dns.nix19
-rw-r--r--ipfs.nix10
2 files changed, 18 insertions, 11 deletions
diff --git a/dns.nix b/dns.nix
index 307e930..35f6676 100644
--- a/dns.nix
+++ b/dns.nix
@@ -40,18 +40,21 @@
           any: info
 
       acl:
+        - id: lego
+          address: 127.0.0.1
+          address: ::1
+          key: lego
+          action: update
+          update-type: TXT
+          update-owner: key
         - id: secondary
           address: 204.87.183.53
           address: 2607:7c80:54:6::53
           action: transfer
-        - id: cnx
-          action: update
-          update-owner: key
-          key: cnx.gdn
         - id: xarvos
+          key: xrvs.net
           action: update
           update-owner: key
-          key: xrvs.net
 
       template:
         - id: default
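Review bot: The new `lego` rule sets `update-owner: key`, which, as I read Knot's ACL semantics, compares the owner of each updated record with the TSIG key name. That fits `xarvos`, whose key is named `xrvs.net`, but a key named `lego` would not cover any name under `loang.net`, so the ACME TXT updates may be refused; this is worth confirming against a test issuance. A rule that names the challenge records explicitly would both work and keep the key least-privileged: `update-owner: name`, `update-owner-name: [_acme-challenge, _acme-challenge.ipfs, _acme-challenge.ipns]`, `update-owner-match: equal`. The name list is inferred from the certificate names in ipfs.nix, assuming `${domain}` is `loang.net`. The loopback `address` entries and `update-type: TXT` are good restrictions and should stay; the configuration string itself begins and ends outside this hunk.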
@@ -63,15 +66,17 @@
         - domain: cnx.gdn
           notify: secondary
           acl: secondary
-          acl: cnx
         - domain: loang.net
+          notify: secondary
+          acl: lego
+          acl: secondary
         - domain: xrvs.net
           notify: secondary
           acl: secondary
           acl: xarvos
     '';
     keyFiles = [
-      "/var/lib/knot/keys/update/cnx.gdn"
+      "/var/lib/knot/keys/update/lego"
       "/var/lib/knot/keys/update/xrvs.net"
     ];
   };
diff --git a/ipfs.nix b/ipfs.nix
index d8c19c6..5122c67 100644
--- a/ipfs.nix
+++ b/ipfs.nix
@@ -26,11 +26,13 @@ in {
 
   security = {
     acme.certs.${domain} = {
-      credentialsFile = pkgs.writeText "namesilo.env" ''
-        NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
-        NAMESILO_PROPAGATION_TIMEOUT=1800
+      credentialsFile = pkgs.writeText "knot.env" ''
+        RFC2136_NAMESERVER=127.0.0.1
+        RFC2136_TSIG_KEY=lego
+        RFC2136_TSIG_ALGORITHM=hmac-sha256
+        RFC2136_TSIG_SECRET_FILE=/var/lib/acme/knot.secret
       '';
-      dnsProvider = "namesilo";
+      dnsProvider = "rfc2136";
       extraDomainNames = [
         "*.ipfs.${domain}"
         "*.ipns.${domain}"
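Review bot: The `knot.env` file built by `pkgs.writeText` lands in the world-readable Nix store, which is fine only because it holds the path in `RFC2136_TSIG_SECRET_FILE` rather than the secret itself, and nothing here records that constraint. I would add a comment above `credentialsFile`, for example `# Store-readable: keep only the *_FILE path here. /var/lib/acme/knot.secret must match the "lego" key in /var/lib/knot/keys/update/lego`. The ownership and mode of both secret files are not visible in this commit, so it is worth checking that each is readable only by its own service user (acme and knot respectively). The `security` attribute set continues past the end of the hunk.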